#257 – AENOR: ISO 31000 RISK MANAGEMENT CERTIFICATIONS – GREG HUTCHINS

Posted on by

You may be thinking this can’t be right.  ISO 31000 is a guideline document.  ISO 31000 – 2019 explicitly states that it is NOT for certification.

Well things change.

AENOR offers an ISO 31000 certification.

AENOR is the Spanish Association for Standardization.  It is global Certification Body.  It has 20 offices in Spain, almost 600 employees and almost 19,000 management system certificates.[1]

WHY DEVELOP ISO 31000 CERTIFICATES?

Why develop ISO 31000 certificates?  The simple answer is because there’s a market for them.  World wide, management system  certifications are dropping like rocks in air for ISO 9001, ISO 14001, and many other popular management systems.  Some like ISO 27001, cyber certifications are growling albeit in small numbers.

Global CB’s are billion dollar companies with 1000’s of employees.  They need income.  If their traditional meal tickets such as management system certifications are tanking, then they need to do something fast.

What to do?  Many CB’s are rebranding to risk shops.  Many are chasing new certificates such as ISO 31000 Certificates of Conformance, note: NOT management system certifications.

Now, AENOR is different.  They offer a certification not a certificate of conformance.

The global CB’s are reacting to the market and developing new products to meet demand.  The global marketplace hates a vacuum.  The global CB’s are simply responding to market requirements.

We live in VUCA time, specifically Volatility, Uncertainty, Complexity, and Ambiguity time

Risk certi or certificate makes perfect market sense as companies want a third party to look at their risk controls, risk assurance, and management approach.

WHAT IS THE RATIONALE?

AENOR developed UNE ISO 31000 guidelines for:

“ risk faced by organisations and provides a common approach to managing any type of risk, regardless of an organisation’s sector or size and including decision-making at all levels of the organisation.”[2]

According to AENOR, UNE ISO 31000 provides an organization with the following benefits:

  • “Improvement and reduction of reputation risks or those of an operational or strategic nature, etc. for the organisation.
  • It contributes confidence to the market and it provides security to the governing bodies of an organisation.
  • It reduces uncertainty and optimises results and resources.
  • It helps them to be ready to provide a response to crisis situations, reduce their consequences and restore normality to the main activities in the shortest possible time, so that the continuity of the organisation is not compromised.
  • Organisations that are more aware of reality achieve an improvement when making decisions by systematising them and carrying them out according to the best available information.”[3]

HOW DOES ISO 31000 CERTIFICATION WORK?

Global Certification Bodies are working around the ISO 31000 guideline to develop CB specific rules for certification.

AENOR risk management certification according to UNE-ISO 31000 recognises organisations that have implemented a risk management model that follows all the guidelines and recommendations established in the standard. It focuses mainly on corporate risk and facilitates progress in the management of other more specific types of risk such as operational, legal, financial and strategic risk.[3]

What do you think of these ISO 31000 certification developments?  Do they make sense?  Will more organizations become ISO 31000 certified?

[1] Wikipedia, AENOR, 2019.

[2] AENOR website, https://www.en.aenor.com/certificacion/riesgos-y-seguridad/gestion-riesgos.

[3] AENOR website, https://www.en.aenor.com/certificacion/riesgos-y-seguridad/gestion-riesgos.

 

Leave a Reply

Your email address will not be published.